RE: Windows 2000 Server hardening

From: Daszczyszak, Roman L. SPC (1AD 501 MI BN ACE IMO) (roman.daszczyszak1ADTACM.1AD.ARMY.MIL)
Date: Fri Oct 10 2003 - 16:48:52 CDT


Is there a good reference to state what these settings do? A Web-based
reference is preferred, but a book would be useful too, if you can recommend
any.

> -----Original Message-----
> From: Scott [mailto:scottcleven-mulcahy.com]
> Sent: Friday, October 10, 2003 02:15
> To: ttpost.com
> Cc: focus-mssecurityfocus.com
> Subject: Windows 2000 Server hardening
>
>
> These are settings I typically use. They cover TCP and NBT
> DOS protection.
>
> HKLM\System\CurrentControlSet\Services\AFD\Parameters\DynamicBacklogGrowthDelta Dword:A
>
> HKLM\System\CurrentControlSet\Services\AFD\Parameters\EnableDynamicBacklog Dword:1
>
> HKLM\System\CurrentControlSet\Services\AFD\Parameters\MaximumDynamicBacklog Dword:4E20
>
> HKLM\System\CurrentControlSet\Services\AFD\Parameters\MinimumDynamicBacklog Dword:14
>
> HKLM\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters\QueryIPMatching Dword:1
>
> HKLM\SYSTEM\CurrentControlSet\Services\MrxSmb\Parameter\RefuseReset Dword:1
>
> HKLM\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand Dword:1
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ArpAlwaysSourceRoute Dword:0
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting Dword:2
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableAddrMaskReply Dword:0
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableBCastArpReply Dword:0
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect Dword:0
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime Dword:493E0
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort Dword:FFFE
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect Dword:2
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions Dword:2
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectRetransmissions Dword:2
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions Dword:3
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpenRetried Dword:190
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen Dword:1F4
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TCPMaxPortsExhausted Dword:5
>
>
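
An added example, not part of either message: a Python sketch that parses a mail-wrapped listing in the `key\value Dword:hex` form quoted above and renders it as reviewable `.reg` text with each value also shown in decimal. The function names and the three-entry sample are constructed for illustration, and it assumes line wraps fall inside a token, as they do in the quoted listing.

```python
import re

# Constructed sample: three entries from the quoted listing, kept with the
# mail client's "> " prefixes and mid-word line wraps.
SAMPLE = r"""
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAtt
> ackProtect
> Dword:2
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAl
> iveTime Dword:
> 493E0
>
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen
> Dword:1F4
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE"}
# <hive>\<key path>\<value name> Dword:<hex>, after the wraps are rejoined.
ENTRY = re.compile(r"^(\w+)\\(.+)\\([^\\\s]+?)\s*Dword:\s*([0-9A-Fa-f]{1,8})$")

def parse_listing(text):
    """Return [(full_key, value_name, int_value)]; raise on anything unparsable."""
    entries, buf = [], []
    for raw in text.splitlines() + [""]:       # trailing "" flushes the last entry
        line = re.sub(r"^\s*>\s?", "", raw).strip()
        if line:
            buf.append(line)
            continue
        if buf:
            joined, buf = "".join(buf), []     # wraps fall mid-token: join without spaces
            m = ENTRY.match(joined)
            if not m or m.group(1) not in HIVES:
                raise ValueError(f"unparsable entry: {joined!r}")
            hive, path, name, hexval = m.groups()
            entries.append((f"{HIVES[hive]}\\{path}", name, int(hexval, 16)))
    return entries

def to_reg(entries):
    """Render entries as .reg text, grouped by key, decimal value on a comment line."""
    by_key = {}
    for key, name, value in entries:
        by_key.setdefault(key, []).append((name, value))
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, values in by_key.items():
        out.append(f"[{key}]")
        for name, value in values:
            out.append(f"; {name} = {value} decimal")
            out.append(f'"{name}"=dword:{value:08x}')
        out.append("")
    return "\r\n".join(out)
```

An entry that does not parse raises `ValueError` rather than being skipped, so a corrupted line cannot silently drop a setting from the generated file.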
